Sharing Supply-Chain Data

Tracking drug and medical device movement along the supply chain could yield valuable results. Manufacturers could verify that authorized parties have received their products, and healthcare providers could plan care around incoming shipments. The electronic product code (EPC) promises to make collection of such data even easier, given its ability to be captured with non-line-of-sight technologies such as radio-frequency identification (RFID). Real-time information could potentially speed product authentication and, therefore, patient care.

One approach to such visibility can be seen in evolving pedigree requirements from individual states, which are intended to give recipients a history of drug custody. These pedigree rules hope to eliminate the chance that a counterfeit drug—essentially, a product without a documented history—could reach patients through authorized partners, such as pharmacies and hospitals. But such pedigrees are visible from only one vantage point—the recipient’s. Under the current pedigree models, manufacturers don’t have supply-chain visibility.

EPCglobal Inc. has developed a standard to facilitate data exchange among supply-chain partners and increase product visibility. The standard could provide the underpinnings of a pedigree-on-demand system, says Robert Celeste, director, healthcare, for EPCglobal North America (Lawrenceville, NJ). In April the group ratified EPC Information Services (EPCIS), version 1. EPCIS standardizes event-related data sharing, such as the “what, where, when, and why of events,” writes EPCglobal in a recently issued FAQ. “[It] supports a detailed representation of the location and state of material as it moves between organizational boundaries and provides for sharing this in a technologysupplier- independent way between entities or partners.”

Further, EPCIS “will define a standard interface to enable EPC-related data to be captured and queried using a defined set of service operations and associated EPC-related data standards, all combined with appropriate security mechanisms that satisfy the needs of user companies.” It can be used for internal operations as well as for exchanging supply-chain information among several partners.

While the standard focuses on the sharing of an electronic product code, it can be applied to data carried in bar codes as well as RFID tags and other media. Data are secured through specific rules for determining authentication and authorization.

Components of the EPCIS model for data include the following details:

EPC.

Event time.

Business step.

Disposition.

Read point.

Business location.

Business transaction.

Extensions used in pilots include:

Expiration date.

Batch number.

Temperature.

Because such details will only be shared among partners upon demand, EPCIS should not be looked at as a master database or an application. Instead, it presents standard interfaces for sharing such data. “No single organization or small set of organizations holds the data generated everywhere,” EPCglobal writes. “EPC information is collected and owned by the organization collecting the data, by however manner they chose. If that organization wishes to share the data with trading partners, they can choose to provide an EPCIS interface to that data. Each trading partner could then access, on request, any portion of the information for which they are authorized.” No central repository will be created. Instead, sharing could take place securely over the Internet. Companies could develop their own repositories, however, on the data collected.

Given the emerging state pedigree rules for drugs, EPCglobal is in the process of “investigating the use of the EPCglobal network to provide a pedigree-on-demand,” says Celeste. To make the use of EPCIS a possibility for meeting pedigree rules, EPCglobal would need to “layer on top [of EPCIS] a vocabulary for industry,” says Celeste. “There is a multitiered supply chain for pharmaceuticals. Partners may need to be aware of each other even if they have no business interaction.” For instance, he says that a manufacturer may be interested in learning what data a retailer has on products received. A retailer may want to communicate with a manufacturer for authentication purposes, even though each may only deal with a wholesaler or repackager.

One of IBM’s pedigree-building tools is its new Pharmaceutical Track & Trace Solution, released in August 2006. That tool can be used with the firm’s WebSphere RFID Information Center, which facilitates authentication using the EPCIS model. Released in December 2006, WebSphere allows manufacturers to interface with other trading partners using standard EPCIS interfaces and feed captured data into their own internal EPCIS repositories. For instance, a shipment verification feature can automatically track data so that users do not have to evaluate all events. It can also be used to generate pedigrees on demand. “It allows users to see up and down the supply chain,” explained a representative at IBM’s RFID Solutions Center tour during the RFID World event in March. “Use of the system could help companies move toward serialization.”

“Our objective is to complete the chain to enable track-and-trace and pedigree,” says Paul Chang, associate partner, business consulting services, for IBM. “There is not a lot of data sharing going on. The question now is, how can companies deploy practices like serialization and RFID in a smart manner with return on investment? The key to adoption is to look beyond compliance [with pedigree rules] to benefits.”

EPCglobal has been active in helping companies follow pedigree rules. In January, the group issued its Pedigree Messaging Standard, a documentbased model using XML schemas that move chain-of-custody data forward to recipients and are secured with certified digital signatures. It is written to help users meet rules from a number of states, including those of California.

There is hope that a pedigree-ondemand system could satisfy the most stringent pedigree rules, like California’s. “California’s proposed language shows that the state is open to other ideas. It understands the value of pedigree but is aware of other solutions,” says Celeste. “California is not being too prescriptive. It just wants pharmacists to be able to pick up a bottle and know where it has been—such as in dates and locations.”

Others remain skeptical that a pedigree-on-demand system will satisfy California’s rules, however. Such a system “doesn’t exchange pedigree information as the normal mode of operation,” as California, for instance, will require, says Peter Spellman, senior vice president, products and services, for SupplyScape Corp. (Woburn, MA). Instead, companies only “get the pedigree information if they ask for it,
which is much less efficient.” Existing state and pedigree laws require that the pedigree information be exchanged for every distribution, so an on-demand model would not comply unless the laws were changed or the model changed to send the pedigree information for every shipment.